Security First: How We Protect Your Data

When you entrust your customer conversations and business data to Chatsy, security isn't just a feature — it's a foundational principle. Here's how we protect your data at every layer.

Our Security Philosophy

Defense in Depth: We don't rely on a single security measure. Multiple overlapping controls ensure that if one fails, others provide protection.

Least Privilege: Every system, user, and process has only the minimum access required to function.

Zero Trust: We verify every request, even from internal systems. Trust is earned, not assumed.

Data Encryption

At Rest

All data is encrypted using AES-256:

• Database: PostgreSQL with Transparent Data Encryption (TDE)
• File Storage: S3 with server-side encryption (SSE-S3)
• Backups: Encrypted with customer-specific keys

In Transit

All communications use TLS 1.3:

• API Traffic: HTTPS only, HSTS enabled
• Internal Services: mTLS between microservices
• Database Connections: SSL required, certificate validation

Encryption Key Management

• Keys stored in AWS KMS
• Automatic key rotation every 90 days
• Separate keys per customer (Enterprise tier)

Access Controls

Multi-Tenant Isolation

Every query includes tenant validation:

typescript
// Every database query includes tenant check
const documents = await prisma.document.findMany({
  where: {
    chatbotId,
    chatbot: {
      userId: session.user.id  // Always scoped to authenticated user
    }
  }
});

Role-Based Access Control (RBAC)

Owner       → Full access, billing, team management
Admin       → Full access except billing
Member      → Create/edit chatbots, view analytics
Viewer      → Read-only access

Authentication

• Password: bcrypt with cost factor 12
• Sessions: Secure, HttpOnly cookies with 24-hour expiry
• OAuth: Support for Google, GitHub SSO
• API Keys: Scoped, rotatable, rate-limited

AI Safety

Prompt Injection Protection

We sanitize all user inputs before they reach the LLM:

typescript
function sanitizeInput(input: string): string {
  // Remove potential injection patterns
  return input
    .replace(/\b(ignore|disregard|forget)\s+(previous|above|all)\b/gi, '')
    .replace(/\bsystem\s*:/gi, '')
    .replace(/\buser\s*:/gi, '')
    .trim();
}

Content Filtering

• Profanity and harmful content detection
• PII redaction in logs
• Configurable response boundaries

Hallucination Prevention

• Responses cite sources from your knowledge base
• Confidence scoring with fallback to "I don't know"
• Human escalation for uncertain queries

Infrastructure Security

Network Architecture

┌─────────────────────────────────────────────┐
│                 Cloudflare                   │
│              (DDoS Protection)               │
└─────────────────────────────────────────────┘
                      │
┌─────────────────────────────────────────────┐
│                 WAF Rules                    │
│          (OWASP, Custom Rules)              │
└─────────────────────────────────────────────┘
                      │
┌─────────────────────────────────────────────┐
│              Load Balancer                   │
│              (SSL Termination)               │
└─────────────────────────────────────────────┘
                      │
┌─────────────────────────────────────────────┐
│              Private VPC                     │
│    ┌─────────┐  ┌─────────┐  ┌─────────┐   │
│    │ App Pod │  │ App Pod │  │ App Pod │   │
│    └─────────┘  └─────────┘  └─────────┘   │
│                      │                       │
│    ┌─────────────────────────────────────┐  │
│    │        Database (Private)           │  │
│    └─────────────────────────────────────┘  │
└─────────────────────────────────────────────┘

Monitoring & Alerting

• Real-time anomaly detection
• Failed authentication alerts
• Unusual access pattern detection
• 24/7 on-call incident response

Compliance

Data Residency

• Default: US (AWS us-east-1)
• EU option: Frankfurt (AWS eu-central-1)
• Enterprise: Custom regions available

Data Retention

• Conversation logs: 90 days default (configurable)
• Analytics: 1 year
• Audit logs: 7 years
• Right to deletion: Honored within 30 days

Vulnerability Management

Bug Bounty Program

We maintain an active bug bounty program:

• Critical: $1,000 - $5,000
• High: $500 - $1,000
• Medium: $100 - $500

Penetration Testing

• Annual third-party penetration tests
• Continuous automated security scanning
• Immediate patching of critical vulnerabilities

Your Responsibilities

Security is a shared responsibility:

1. Use strong passwords: 12+ characters, unique per service
2. Enable 2FA: When available (coming soon!)
3. Review access regularly: Remove unused team members
4. Report concerns: security@chatsy.app

Questions?

Security is an ongoing conversation. If you have questions about our practices or need specific compliance documentation, reach out to security@chatsy.app.

Start Secure →